As satellite networks grow larger and begin to incorporate interplanetary communication, there is an increasing interest in the unsolved problem of how to approach PKI in these conditions. In this paper we explore the goals and requirements for implementing key management systems in satellite networks, focusing on megaconstellations and interplanetary networks. We design a set of standardized experiments which can be used to compare systems against one another for particular network topologies. Using these, we demonstrate that terrestrial PKI techniques are feasible in highly distributed interplanetary networks, showing that it is possible to configure PKI systems to achieve efficient low-latency connection establishment, and minimize the impact of attacks through effective revocations. We evaluate this by building the Deep Space Network Simulator (DSNS), a novel network simulator aimed at efficient simulation of large space networks. We run simulations evaluating connection establishment and key revocation under a wide range of PKI configurations. Finally, we propose and evaluate two additional configuration options: OCSP Hybrid, and the use of relay nodes as a firewall. Together these minimize the extent of the network an attacker can reach with a compromised key, and reduce the attacker's load on interplanetary relay links.

翻译：随着卫星网络规模的不断扩大并开始融入星际通信，如何在这些条件下构建公钥基础设施（PKI）这一未解难题日益受到关注。本文探讨了在卫星网络中实施密钥管理系统的目标与要求，重点关注巨型星座与星际网络。我们设计了一套标准化实验方案，可用于在特定网络拓扑结构下对不同系统进行对比评估。通过实验论证，我们证明地面PKI技术在高度分布式的星际网络中具有可行性，表明通过合理配置PKI系统能够实现高效低延迟的连接建立，并借助有效的证书撤销机制最大限度降低攻击影响。为此我们开发了深空网络模拟器（DSNS）——一种面向大规模空间网络高效仿真的新型网络模拟平台。通过该平台，我们在多种PKI配置下模拟评估了连接建立与密钥撤销性能。最后，我们提出并评估了两种增强配置方案：OCSP混合模式以及将中继节点作为防火墙使用。这些方案共同作用，既能限制攻击者利用泄露密钥可触及的网络范围，又能降低攻击者对星际中继链路的负载压力。